Agile Project Management and Risk Based Approach

As the security landscape becomes more dynamic and the threat landscape keeps growing, there is a pressing need to change the way business owners think about improving their security architecture and design.

The first lesson learnt when working in a big enterprise is the use of the risk-based approach. Risk-based approaches weigh the calculated measure of a risk against the action taken to counter it. A great definition of what a risk-based approach means in the context of information security is given by SANS in their Information Security Risk Management paper, MGT442. They give ten great points, which are the following:

1. Develop basic security and policy standards
2. Establish an asset inventory (yes, you know where this came from: the SANS Top 20 CC)
3. Establish Information Security leads
4. Implement an Enterprise Risk Committee
5. Define a common approach to risk calculations
6. Establish a threat and vulnerability assessment program
7. Establish a compliance to standards review process
8. Conduct basic risk assessments for vendors
9. Implement a risk and assessment tracking system
10. Launch a risk awareness campaign.

Given all the points above, it is easy to fall short in following up on one of these ten points when implementing the RBA (risk-based approach). To counter this, we can use AGILE to run active follow-ups and improve the maturity of the security space in the organisation. So one might ask: what is AGILE? AGILE is …

Yes, it is a dynamic and iterative method of managing a project. It complements the dynamism of the security and risk space in the current age.

So, are you ready to implement this marriage of two systems into your organisation?

